7.8
CVE-2024-50051
- EPSS 0.23%
- Veröffentlicht 11.01.2025 13:15:24
- Zuletzt bearbeitet 03.11.2025 21:16:55
- CVE-Watchlists
- Unerledigt
spi: mpc52xx: Add cancel_work_sync before module remove
In the Linux kernel, the following vulnerability has been resolved: spi: mpc52xx: Add cancel_work_sync before module remove If we remove the module which will call mpc52xx_spi_remove it will free 'ms' through spi_unregister_controller. while the work ms->work will be used. The sequence of operations that may lead to a UAF bug. Fix it by ensuring that the work is canceled before proceeding with the cleanup in mpc52xx_spi_remove.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 3.1 < 5.4.287
Linux ≫ Linux Kernel Version >= 5.5 < 5.10.231
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.174
Linux ≫ Linux Kernel Version >= 5.16 < 6.1.120
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.66
Linux ≫ Linux Kernel Version >= 6.7 < 6.12.5
Linux ≫ Linux Kernel Version6.13 Updaterc1
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.23% | 0.131 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-416 Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
https://git.kernel.org/stable/c/373d55a47dc662e5e30d12ad5d334312f757c1f1
https://git.kernel.org/stable/c/90b72189de2cddacb26250579da0510b29a8b82b
https://git.kernel.org/stable/c/984836621aad98802d92c4a3047114cf518074c8
https://git.kernel.org/stable/c/cd5106c77d6d6828aa82449f01f4eb436d602a21
https://git.kernel.org/stable/c/d0cde3911cf24e1bcdd4caa1d1b9ef57589db5a1
https://git.kernel.org/stable/c/e0c6ce8424095c2da32a063d3fc027494c689817
https://git.kernel.org/stable/c/f65d85bc1ffd8a2c194bb2cd65e35ed3648ddd59
https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html